shred is a command on Unix-like operating systems that can be used to securely delete files and devices so that it is extremely difficult to recover them, even with specialized hardware and technology; assuming recovery is possible at all, which is not always the case. It is a part of GNU Core Utilities.[1] Being based on the Gutmann method paper,[1] it suffers from the same criticisms and possible shortcomings.

shred
Developer(s)Colin Plumb
Repository
Operating systemUnix-like
PlatformCross-platform
TypeCommand
License

Background

edit

For efficiency, the process of erasing a file from storage using the rm command usually only erases the file's file-system entry while keeping the content of the file intact. This frequently allows commonly available software to recover the "erased" file's data. If the file data is stored on magnetic media such as a HDD, even if the file is overwritten, residual magnetic fields may allow data recovery using specialist hardware equipment (this claim is disputed; see Gutmann method § Criticism). To prevent this, shred overwrites the contents of a file multiple times, using patterns chosen to maximize destruction of the residual data.

Features

edit

shred can be invoked either on ordinary files or on devices (such as hard disk partitions), which are represented as files in Unix. By default, the command overwrites the file three times with multiple patterns, but the number is user configurable. It has an option to do an additional final overwrite with zeroes, which may help to hide the fact that it was used.

By default, shred also shreds file slack (unused space in file allocations). For example, a 5 KB file on a file system with 4 KB clusters actually requires 8 KB of storage. Shred has an option to overwrite only the file itself, as well as an option to delete the file after it has completed operation.

Limitations

edit

A limitation of shred when invoked on ordinary files is that it only overwrites the data in place without overwriting other copies of the file. Copies can manifest themselves in a variety of ways, such as through manual and automatic backups, file system snapshots, copy-on-write filesystems, wear leveling on flash drives, caching such as NFS caching, and journaling.[1] All limitations imposed by the file system can be overcome by shredding every device on which the data resides instead of specific files. However, since wear leveled devices do not guarantee a fixed relationship between logical blocks addressable through the interface and the physical locations in which the data is stored, shredding may not provide adequate security. If available, the SATA secure erase command, issued through hdparm or a similar utility, may be helpful in this situation. Even for magnetic devices, SATA secure erase will be faster and more reliable than shredding. Physical destruction may be necessary to securely erase devices such as memory cards and unusable hard disks.

Gutmann method, which shred is based on, is known to fail on USB sticks.[2]

Alternatives

edit

The scrub command overwrite sequence of data being compliant with a Dec. 2005 draft of National Nuclear Security Administration Policy Letter NAP-14.x. Written by Jim Garlick of LLNL, it offers a selection of overwrite sequences, though all ultimately suffer from the same limitations outlined above.[3]

See also

edit

References

edit
  1. ^ a b c "shred invocation (GNU Coreutils 9.3)". www.gnu.org.
  2. ^ Michael Wei; Laura M. Grupp; Frederick E. Spada; Steven Swanson (2011). "Reliably Erasing Data From Flash-Based Solid State Drives" (PDF). FAST'11: Proceedings of the 9th USENIX conference on File and storage technologies. Wikidata Q115346857. Retrieved 2018-01-08.
  3. ^ scrub(1) – FreeBSD General Commands Manual
edit